Need to remove expired certs in wso2carbon.jks #3079
Description
Description:
We have some expired certs in our trust stores which generate some warnings after Tomcat upgrade (above 9.0.36). We need to clean those up and add new certs in the next release.
[2021-09-16 13:15:58,321] WARN - SSLUtilBase The trusted certificate with alias [thawtepremiumserverca] and DN [[email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA] is not valid due to [NotAfter: Sat Jan 02 05:29:59 IST 2021]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,324] WARN - SSLUtilBase The trusted certificate with alias [addtrustclass1ca] and DN [CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE] is not valid due to [NotAfter: Sat May 30 16:08:31 IST 2020]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,324] WARN - SSLUtilBase The trusted certificate with alias [soneraclass2ca] and DN [CN=Sonera Class2 CA, O=Sonera, C=FI] is not valid due to [NotAfter: Tue Apr 06 12:59:40 IST 2021]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,325] WARN - SSLUtilBase The trusted certificate with alias [verisigntsaca] and DN [CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA] is not valid due to [NotAfter: Sat Jan 02 05:29:59 IST 2021]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,325] WARN - SSLUtilBase The trusted certificate with alias [quovadisrootca] and DN [CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM] is not valid due to [NotAfter: Thu Mar 18 00:03:33 IST 2021]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,326] WARN - SSLUtilBase The trusted certificate with alias [addtrustqualifiedca] and DN [CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE] is not valid due to [NotAfter: Sat May 30 16:14:50 IST 2020]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,326] WARN - SSLUtilBase The trusted certificate with alias [keynectisrootca] and DN [CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR] is not valid due to [NotAfter: Tue May 26 05:30:00 IST 2020]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,327] WARN - SSLUtilBase The trusted certificate with alias [addtrustexternalca] and DN [CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE] is not valid due to [NotAfter: Sat May 30 16:18:38 IST 2020]. Certificates signed by this trusted certificate WILL be accepted
[2021-09-16 13:15:58,327] WARN - SSLUtilBase The trusted certificate with alias [luxtrustglobalrootca] and DN [CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU] is not valid due to [NotAfter: Wed Mar 17 15:21:37 IST 2021]. Certificates signed by this trusted certificate WILL be accepted
Reference :
[1] - https://bz.apache.org/bugzilla/show_bug.cgi?id=64474
[2] - apache/tomcat@ae69c8e#diff-713f64b4a15b8737aac9dcf013e121507948bea3cb29638c4d5b1942de464805